refactor: put storagebox code in module

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>

modules/nixos/default.nix

@@ -1,4 +1,5 @@
 {
   # my-module = import ./my-module.nix
   namespaced-vpn = import ./namespaced-vpn.nix;
+  storagebox = import ./storagebox.nix;
 }

modules/nixos/storagebox.nix

@@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
+let
+  cfg = config.services.storagebox;
+in
+{
+  options.services.storagebox = {
+    enable = mkEnableOption "storagebox";
+
+    hostname = mkOption {
+      type = types.str;
+    };
+
+    hostKey = mkOption {
+      type = types.str;
+    };
+
+    user = mkOption {
+      type = types.str;
+    };
+
+    sshKeyFile = mkOption {
+      type = types.path;
+    };
+
+    plainMountPoint = mkOption {
+      type = types.str;
+      default = "/mnt/box";
+    };
+
+    cryptMountPoint = mkOption {
+      type = types.str;
+      default = "/data";
+    };
+
+    passFile = mkOption {
+      type = types.path;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      gocryptfs
+      sshfs
+    ];
+
+    programs.ssh.knownHosts.storageBox = {
+      hostNames = [ cfg.hostname ];
+      publicKey = cfg.hostKey;
+    };
+
+    fileSystems."${cfg.plainMountPoint}" = {
+      device = "${cfg.user}@${cfg.hostname}:/home";
+      fsType = "fuse.sshfs";
+      options = [
+        "defaults"
+        "_netdev"
+        "allow_other"
+        "default_permissions"
+        "port=23"
+        "compression=no"
+        "reconnect"
+        "ServerAliveInterval=15"
+        "IdentityFile=${cfg.sshKeyFile}"
+      ];
+    };
+
+    fileSystems."${cfg.cryptMountPoint}" = {
+      depends = [
+        "${cfg.plainMountPoint}"
+      ];
+      device = "${cfg.plainMountPoint}/crypt";
+      fsType = "fuse.gocryptfs";
+      options = [
+        "rw"
+        "allow_other"
+        "passfile=${cfg.passFile}"
+      ];
+    };
+  };
+}